Stack Overflow Vulnerability in Onlyoffice Document Server and Core Products
CVE-2022-29776

9.8CRITICAL

Key Information:

Vendor

Onlyoffice

Status
Core
Document Server
Vendor
CVE Published:
2 June 2022

What is CVE-2022-29776?

A stack overflow vulnerability has been identified in Onlyoffice Document Server versions 6.0.0 and earlier, and in Core version 6.1.0.26 and previous versions. This flaw occurs in the DesktopEditor component, specifically within the File.cpp module. This type of vulnerability can allow attackers to execute arbitrary code or disrupt the normal operation of the affected software, potentially leading to unauthorized access or data loss.

References

https://github.com/ONLYOFFICE/DocumentServer/blob/master/...
x_refsource_MISC
https://github.com/ONLYOFFICE/core/commit/88cf60a3ed4a2b4...
x_refsource_MISC
https://github.com/moehw/poc_exploits/tree/master/CVE-202...
x_refsource_MISC

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-29776 : Stack Overflow Vulnerability in Onlyoffice Document Server and Core Products